Hacktivists have generally sought information that will embarrass an organization and further
their cause, often by breaching corporate email systems.
By viewing assets through the eyes of identified or likely threat actors, one can compile a list of
potential data targets and proactively determine security efforts. Executives can create these
lists by meeting with their respective teams – or even through board-level briefings. Many
organizations now hire an outside expert to help identify the likeliest potential threats.
3. Monitor behavior
Cybersecurity was once solely about restricting permission – authorizing a limited number of
individuals with the proper credentials to access specific information, then monitoring their
usage. While that is still an important tactic, the whistleblowers of the world have demonstrated
that a permission-based model has limitations and can no longer be the primary tool in the
security toolbox.
Cybersecurity is rapidly expanding beyond the permission-based model to a behavior-based
one. Aided by big data analysis, threats are increasingly identified not by viewing individual
hacks, but rather by spotting and responding swiftly to atypical behaviors. This can prevent
small incidents from mushrooming into large, newsworthy breaches.
The banking industry, for instance, is already quite adept at continually monitoring for and
spotting abnormal behavior. It is becoming standard procedure to alert a customer if the bank
spots unusual activity on his credit card account. For example, if a bank’s security professional
or system sees a customer’s 50 typical transactions per day jump to 200, immediate and
definite action needs to be taken.
Behavioral anomaly spotting also extends beyond customers. It can apply to employees as well.
Atypical behavior is not the sole domain of humans: system-to-system communications should
also be monitored, because system IDs can be compromised just as easily as human IDs.
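An added example, not from the original article: a minimal behavior-based check that compares each identity's latest daily activity count with its own history, covering both a customer whose 50 typical transactions jump to 200 and a system ID. The identities, counts, threshold and the median/MAD scoring are assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample data: daily event counts per identity, oldest first.
# The last value is the day being evaluated. All identities are hypothetical.
HISTORY = {
    "customer:4417": [48, 52, 50, 47, 53, 49, 51, 50, 200],  # the 50 -> 200 jump
    "customer:9020": [12, 15, 9, 14, 11, 13, 10, 12, 16],    # ordinary variation
    "svc:batch-export": [4, 4, 5, 4, 4, 5, 4, 4, 31],        # system ID, not a human
    "employee:jdoe": [30, 28, 33, 31, 29, 32, 30, 31, 27],
}


def robust_score(baseline, today):
    """Distance of today's count from the baseline median, in MAD units."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    # Floor the spread so a perfectly flat baseline does not divide by zero.
    spread = max(1.4826 * mad, 1.0)
    return (today - med) / spread


def find_anomalies(history, threshold=6.0, min_days=7):
    """Return (identity, today, baseline_median, score), most atypical first."""
    alerts = []
    for identity, counts in history.items():
        *baseline, today = counts
        if len(baseline) < min_days:
            continue  # too little history to call anything atypical
        score = robust_score(baseline, today)
        if abs(score) >= threshold:
            alerts.append((identity, today, median(baseline), round(score, 1)))
    return sorted(alerts, key=lambda a: -abs(a[3]))


if __name__ == "__main__":
    for identity, today, typical, score in find_anomalies(HISTORY):
        print(f"ALERT {identity}: {today} events today, typical {typical}, score {score}")
```

The baseline is per identity, so the service account is flagged at 31 events even though that volume would be unremarkable for the customer accounts.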
4. Redefine “enterprise”
Today’s enterprise includes employees, vendors, customers and partners, and extends out to
wherever they and their mobile devices roam.
As long as those players own a laptop, smartphone, tablet, phablet or other device that can
connect to your organization – not to mention to the cloud and the fast-emerging internet of
things – they represent a potential peril to enterprise data. In fact, most of today’s threat actors
enter not through a front door firewall, but rather through a side door such as a supplier or
business partner.
One way to combat the threat is to address the data chain of custody and cyber-risk in your
business contracts. One clause, for example, should reserve the enterprise's right to conduct
vendor data security testing.
Cyber Warnings E-Magazine – April 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide